[Unbound-users] Insisting on DNSSEC
Tom Hendrikx
tom at whyscream.net
Mon Jan 13 15:32:26 UTC 2014
On 01/13/2014 03:32 PM, Joe Abley wrote:
>
> On 2014-01-11, at 17:16, Anand Buddhdev <anandb at ripe.net> wrote:
>
>> On 11/01/2014 23:00, Rick van Rein wrote:
>>
>>> Am I correct that Unbound cannot require DNSSEC validation for its
>>> resolution?
>>
>> Not sure what you are asking here.
>
> I think the question is whether it's possible to configure an unbound validator to treat verifiably insecure data the same as bogus data when deciding how to respond to a query from a client.
>
> The answer to that question seems to be no.
>
I'm not sure, but might this be easy to implement within unbound using
the python plugin interface?
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20140113/e8c5bcd2/attachment.bin>
More information about the Unbound-users
mailing list